As reported in Law360 (sub. req.), the new NIST (National Institute of Standards and Technology) guide to security for connected-device makers (Special Publication 800-160) runs 257 pages. Released on November 15th, the guide advises companies to implement security from the very beginning and to monitor their systems.
The guide lays out dozens of technical standards and security principles for connected-device developers in an attempt to reduce security vulnerabilities. The publication will no doubt receive a lot of attention in the wake of the Dyn attack, in which hackers hijacked millions of Internet-connected devices in a major cyberattack on domain name service provider Dyn which temporarily blocked assets to popular websites, including Twitter and the New York Times. The attack prompted NIST to release its guide a month early.
Now we just have to convince money-hungry manufacturers that it makes economic sense to raise their prices to budget-conscious consumers who don't care a fig about security in order to make sure those consumers (and others) are secure. Oh yeah, that ought to work . . .
E-mail: firstname.lastname@example.org Phone: 703-359-0700
Digital Forensics/Information Security/Information Technology